CN115296932A - Method and device for detecting WAF interception effectiveness and storage medium - Google Patents
Classifications
- H04L63/1416—Event detection, e.g. attack signature detection
- H04L63/0227—Filtering policies
- H04L63/1433—Vulnerability analysis
Abstract
The invention relates to the technical field of information security, in particular to a method and a device for detecting WAF interception effectiveness and a storage medium, and aims to solve the problem of low efficiency in manual detection of interception effectiveness. The method for detecting the WAF interception effectiveness comprises the following steps: adding an attack load into the original request to generate a corresponding attack request; sending an original request to a target server and receiving a first response result; sending an attack request to a target server and receiving a second response result; if the first response result is received and the second response result is not received, judging whether the attack request is intercepted according to the state of the TCP connection initiating the attack; and if the first response result and the second response result are received, judging whether the attack request is intercepted according to the contents of the first response result and the second response result. The invention provides a simple and efficient automatic testing method, which effectively reduces the labor cost and greatly improves the detection efficiency.
Description
Technical Field
The invention relates to the technical field of information security, in particular to a method and a device for detecting WAF interception validity and a storage medium.
Background
A Web Application Firewall (WAF) is a product that protects a Web application server by enforcing a series of security policies on HTTP/HTTPS traffic.
In the related art, software can detect the survival status of a WAF device and so determine whether the WAF is running, but it cannot determine the effectiveness of WAF interception. To know whether an attack request was intercepted, the WAF's response to the attack has to be checked manually.
The inventor believes that manually checking the effectiveness of WAF interception is labor intensive and inefficient.
Disclosure of Invention
In order to solve the problems in the prior art, the invention provides a method and a device for detecting WAF interception effectiveness and a storage medium, which reduce the labor cost and improve the detection efficiency.
In a first aspect of the present invention, a method for detecting validity of WAF interception is provided, where the method includes:
adding an attack load into the original request to generate a corresponding attack request;
sending the original request to a target server and receiving a first response result; the target server is a Web server protected by the WAF;
sending the attack request to the target server and receiving a second response result;
and judging whether the attack request is intercepted or not according to the first response result and the second response result.
Preferably, the determining whether the attack request is intercepted according to the first response result and the second response result includes:
if the first response result is received and the second response result is not received, judging whether the attack request is intercepted according to the state of the TCP connection initiating the attack;
and if the first response result and the second response result are received, judging whether the attack request is intercepted or not according to the contents of the first response result and the second response result.
Preferably, the determining whether the attack request has been intercepted according to the state of the TCP connection initiating the attack includes:
if the TCP connection initiating the attack has encountered an error, determining that the attack request is intercepted;
otherwise, judging whether the TCP connection initiating the attack has timed out;
if yes, determining that the attack request is intercepted;
otherwise, determining that the attack request is suspected to be intercepted.
Preferably, the determining whether the attack request has been intercepted according to the content of the first response result and the second response result includes:
judging whether the status code in the first response result is the same as the status code in the second response result;
if yes, judging whether the attack request is intercepted or not according to the content similarity of the first response result and the second response result;
otherwise, determining that the attack request is intercepted.
Preferably, the determining whether the attack request has been intercepted according to the content similarity between the first response result and the second response result includes:
calculating the content similarity of the first response result and the second response result by using a fuzzy hash algorithm;
if the content similarity is smaller than or equal to a preset threshold value, determining that the attack request is intercepted; otherwise, determining that the attack request is not intercepted.
Preferably, the original request and the corresponding attack request are both multiple;
the method further comprises the following steps:
and recording the attack type and/or the vulnerability corresponding to the attack load and the judgment result of whether the attack request is intercepted or not.
In a second aspect of the present invention, an apparatus for detecting validity of WAF interception is provided, where the apparatus includes:
the attack request generating unit is used for adding an attack load into the original request to generate a corresponding attack request;
the original request sending and receiving unit is used for sending the original request to a target server and receiving a first response result; the target server is a Web server protected by the WAF;
the attack request sending and receiving unit is used for sending the attack request to the target server and receiving a second response result;
and the judging unit is used for judging whether the attack request is intercepted according to the first response result and the second response result.
Preferably, the determining unit is specifically configured to:
if the first response result is received and the second response result is not received, judging whether the attack request is intercepted according to a TCP connection state;
and if the first response result and the second response result are both received, judging whether the attack request is intercepted according to the contents of the first response result and the second response result.
Preferably, the original request and the corresponding attack request are both multiple;
the device further comprises:
and the recording unit is used for recording the attack type and/or the vulnerability corresponding to the attack load and the judgment result of whether the attack request is intercepted or not.
In a third aspect of the invention, a computer-readable storage medium is proposed, storing a computer program that can be loaded by a processor and which performs the method as described above.
The invention has the following beneficial effects:
the method for detecting the WAF interception effectiveness provided by the invention comprises the steps of firstly adding an attack load into a normal original request to generate a corresponding attack request; then, respectively sending an original request and an attack request to a target server, and receiving a corresponding first response result and a corresponding second response result; and finally, judging whether the attack request is intercepted or not according to the first response result and the second response result. If the first response result is received and the second response result is not received, judging whether the attack request is intercepted or not according to the state of the TCP connection initiating the attack; and if the first response result and the second response result are received, judging whether the attack request is intercepted according to the contents of the first response result and the second response result. The invention provides a simple and efficient automatic testing method, which effectively reduces the labor cost and greatly improves the detection efficiency.
Drawings
FIG. 1 is a schematic diagram illustrating the main steps of a first embodiment of a method for detecting WAF interception validity according to the present invention;
FIG. 2 is a schematic diagram of the main steps of a second embodiment of the method for detecting the effectiveness of WAF interception according to the present invention;
FIG. 3 is a schematic diagram of the main steps of a third embodiment of the method for detecting the WAF interception validity of the present invention;
FIG. 4 is a schematic diagram of the main components of an embodiment of the apparatus for detecting the validity of WAF interception according to the present invention.
Detailed Description
Preferred embodiments of the present invention are described below with reference to the accompanying drawings. It should be understood by those skilled in the art that these embodiments are only for explaining the technical principle of the present invention, and are not intended to limit the scope of the present invention.
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some embodiments of the present invention, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first" and "second" in the description of the present invention are used for convenience of description only and do not indicate or imply relative importance of the devices, elements or parameters, and therefore should not be construed as limiting the present invention. In addition, the term "and/or" in the present invention is only one kind of association relationship describing the associated object, and means that there may be three kinds of relationships, for example, a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" herein generally indicates that the former and latter related objects are in an "or" relationship, unless otherwise specified.
The invention uses one or more test cases when detecting the interception effectiveness of the WAF. Each test case comprises an original request and an attack request generated by adding the attack load to the original request. The two requests are sent to the target server in sequence, and the corresponding response results are received. The interception validity of the WAF is then judged by comparing the response results of the two requests. The target server in the embodiments of the invention is specifically a Web server protected by the WAF. Under ideal conditions, the original request passes through the WAF normally and is received by the target server, while the attack request is intercepted by the WAF.
Fig. 1 is a schematic diagram of main steps of a first method for detecting WAF interception validity according to the present invention. As shown in fig. 1, the detection method of the present embodiment includes steps A10-A40:
Step A10, adding an attack load into the original request to generate a corresponding attack request.
Step A20, sending the original request to the target server, and receiving the first response result.
Step A30, sending an attack request to the target server and receiving a second response result.
Step A40, judging whether the attack request is intercepted or not according to the first response result and the second response result.
In an alternative embodiment, there may be multiple test cases, so that there are multiple original requests and multiple corresponding attack requests. After step A40, step A50 may also be included:
Step A50, recording the attack type and/or the vulnerability corresponding to the attack load and the judgment result of whether the attack request is intercepted or not.
Recording the detection results for the various attacks helps the user comprehensively evaluate the interception effectiveness of the WAF.
Fig. 2 is a schematic diagram of main steps of a second method for detecting WAF interception validity according to the present invention. As shown in fig. 2, the detection method of the present embodiment includes steps B10-B50:
Steps B10 to B30 are the same as steps A10 to A30 in the first embodiment and are not described again here.
Step B40, if the first response result is received and the second response result is not received, judging whether the attack request is intercepted according to the state of the TCP connection initiating the attack.
For example, if an error such as a reset or disconnection of the TCP connection is detected when the attack is initiated, or a connection timeout occurs, the attack request may be considered intercepted; otherwise, the attack request is considered suspected of being intercepted.
Step B50, if the first response result and the second response result are both received, judging whether the attack request is intercepted according to the contents of the first response result and the second response result.
If neither the first response result nor the second response result is received, this indicates a network failure or a target server failure, or the original request message itself may have been written incorrectly. If the first response result is not received but the second response result is received (which would not theoretically occur), it is also necessary to recheck whether the original request was written incorrectly.
Fig. 3 is a schematic diagram of the main steps of a third embodiment of the method for detecting the effectiveness of WAF interception according to the present invention. As shown in fig. 3, the detection method of the present embodiment includes steps C10-C90:
Steps C10 to C30 are the same as steps A10 to A30 in the first embodiment and are not described again here.
Step C40, judging whether the first response result is received and the second response result is not received; if yes, go to step C50; otherwise go to step C70.
Step C50, judging whether the TCP connection initiating the attack has encountered an error; if yes, determining that the attack request is intercepted; otherwise, go to step C60.
When the attack is triggered, if a TCP state error is detected, such as a connection reset (RESET) or a disconnection (FIN), it is classified as ConnectionError, i.e. a connection error.
Step C60, judging whether the TCP connection initiating the attack has timed out; if yes, determining that the attack request is intercepted; otherwise, determining that the attack request is suspected to be intercepted.
When the attack is triggered, if the target server returns no response data within a preset time, the state is classified as a connection timeout.
Step C70, judging whether the first response result and the second response result are both received; if yes, go to step C80; otherwise, the program ends, and it is necessary to check whether the test case itself is correct and whether the network is reachable.
Step C80, judging whether the status code in the first response result is the same as the status code in the second response result; if yes, go to step C90; otherwise, determining that the attack request is intercepted.
Step C90, calculating the content similarity of the first response result and the second response result by using a fuzzy hash algorithm.
If the WAF intercepts the attack request, the content of the second response result is an alarm prompt, so the content similarity between the two response results is low.
Step C100, determining whether the content similarity is less than or equal to a preset threshold (97 in this embodiment); if yes, determining that the attack request is intercepted; otherwise, determining that the attack request is not intercepted.
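The decision procedure of steps C40 to C100, together with the per-case recording of step A50, as an added Python example (not code from the patent). `difflib.SequenceMatcher` stands in for the fuzzy hash algorithm, which the patent does not name; the `Outcome` type, the function names, the attack-type labels and the sample responses are constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass
from difflib import SequenceMatcher
from enum import Enum
from typing import Optional


class Verdict(Enum):
    INTERCEPTED = "intercepted"
    SUSPECTED = "suspected to be intercepted"
    NOT_INTERCEPTED = "not intercepted"
    INVALID_TEST = "check test case or network"


@dataclass
class Outcome:
    """What came back for one request (hypothetical type, not from the patent)."""
    status: Optional[int] = None   # HTTP status code; None means no response received
    body: str = ""
    conn_error: bool = False       # TCP reset or disconnection observed (step C50)
    timed_out: bool = False        # no response data within the preset time (step C60)

    @property
    def received(self) -> bool:
        return self.status is not None


def similarity(a: str, b: str) -> int:
    """Score from 0 to 100. Assumption: difflib replaces the unnamed fuzzy hash."""
    return round(SequenceMatcher(None, a, b, autojunk=False).ratio() * 100)


def judge(first: Outcome, second: Outcome, threshold: int = 97) -> Verdict:
    # C40: the original request was answered, the attack request was not.
    if first.received and not second.received:
        if second.conn_error:          # C50: connection error
            return Verdict.INTERCEPTED
        if second.timed_out:           # C60: connection timeout
            return Verdict.INTERCEPTED
        return Verdict.SUSPECTED
    # C70: anything other than "both received" means the test itself is suspect.
    if not (first.received and second.received):
        return Verdict.INVALID_TEST
    # C80: differing status codes are treated as interception.
    if first.status != second.status:
        return Verdict.INTERCEPTED
    # C90/C100: same status code, so compare bodies; the comparison is inclusive.
    if similarity(first.body, second.body) <= threshold:
        return Verdict.INTERCEPTED
    return Verdict.NOT_INTERCEPTED


def run_cases(cases):
    """Step A50: record the attack type and the verdict for each test case."""
    return [(attack_type, judge(first, second)) for attack_type, first, second in cases]


# Constructed sample data: one normal page, one WAF alarm page, six test cases.
PAGE = "<html><body><h1>Product list</h1><ul><li>Widget</li><li>Gadget</li></ul></body></html>"
BLOCK = "<html><body><h1>Request blocked</h1><p>Rejected by security policy.</p></body></html>"
OK = Outcome(status=200, body=PAGE)

CASES = [
    ("sql-injection", OK, Outcome(conn_error=True)),            # reset by the WAF
    ("xss", OK, Outcome(timed_out=True)),                       # silently dropped
    ("path-traversal", OK, Outcome(status=403, body=BLOCK)),    # status code differs
    ("command-injection", OK, Outcome(status=200, body=BLOCK)), # 200 with alarm page
    ("file-inclusion", OK, Outcome(status=200, body=PAGE)),     # passed through
    ("ssrf", Outcome(), Outcome()),                             # nothing received at all
]

if __name__ == "__main__":
    results = run_cases(CASES)
    for attack_type, verdict in results:
        print(f"{attack_type:18} {verdict.value}")
    print(Counter(verdict.value for _, verdict in results))
```

Because the comparison in step C100 is `<=`, a score equal to the threshold counts as intercepted. On pages with dynamic content, comparing two copies of the original request first shows whether the threshold is usable for that endpoint.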
Although the foregoing embodiments describe the steps in the above sequential order, those skilled in the art will understand that, in order to achieve the effect of the present embodiments, the steps may not be executed in such an order, and may be executed simultaneously (in parallel) or in an inverse order, and these simple variations are within the scope of the present invention.
Based on the same technical concept as the method embodiment, the application also provides an embodiment of the detection device, which is specifically described below.
Fig. 4 is a schematic diagram of the main components of an embodiment of the apparatus for detecting the validity of WAF interception according to the present invention. As shown in fig. 4, the detection device of the present invention includes: attack request generation unit 10, original request transmission and reception unit 20, attack request transmission and reception unit 30, and determination unit 40.
The attack request generating unit 10 is configured to add an attack load to an original request to generate a corresponding attack request; the original request sending and receiving unit 20 is configured to send an original request to the target server and receive a first response result; the target server is a Web server protected by WAF; the attack request sending and receiving unit 30 is configured to send an attack request to the target server and receive a second response result; the judging unit 40 is configured to judge whether the attack request is intercepted according to the first response result and the second response result.
In this embodiment, the determining unit 40 may be specifically configured to:
if the first response result is received and the second response result is not received, judging whether the attack request is intercepted or not according to the TCP connection state;
and if the first response result and the second response result are received, judging whether the attack request is intercepted according to the contents of the first response result and the second response result.
In an alternative embodiment, the original request and the corresponding attack request are both multiple. The detection device may further comprise a recording unit. The recording unit is used for recording the attack type and/or the vulnerability corresponding to the attack load and the judgment result of whether the attack request is intercepted or not.
Further, the present invention also provides an embodiment of a computer-readable storage medium storing a computer program that can be loaded by a processor and executed to perform the method as described above.
The computer-readable storage medium includes, for example, various media capable of storing program code, such as a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
Those of skill in the art will appreciate that the method steps of the examples described in connection with the embodiments disclosed herein may be embodied in electronic hardware, computer software, or combinations of both, and that the components and steps of the examples have been described above generally in terms of their functionality in order to clearly illustrate the interchangeability of electronic hardware and software. Whether these functions are performed in electronic hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
So far, the technical solution of the present invention has been described in connection with the preferred embodiments shown in the accompanying drawings. However, it will be readily understood by those skilled in the art that the scope of the present invention is not limited to these specific embodiments. Equivalent changes or substitutions of related technical features can be made by those skilled in the art without departing from the principle of the invention, and the technical scheme after the changes or substitutions can fall into the protection scope of the invention.
Claims (10)
1. A method for detecting the effectiveness of WAF interception, which is characterized in that the method comprises the following steps:
adding an attack load into the original request to generate a corresponding attack request;
sending the original request to a target server and receiving a first response result; the target server is a Web server protected by the WAF;
sending the attack request to the target server and receiving a second response result;
and judging whether the attack request is intercepted or not according to the first response result and the second response result.
2. The method according to claim 1, wherein the determining whether the attack request is intercepted according to the first response result and the second response result includes:
if the first response result is received and the second response result is not received, judging whether the attack request is intercepted according to the state of the TCP connection initiating the attack;
and if the first response result and the second response result are both received, judging whether the attack request is intercepted according to the contents of the first response result and the second response result.
3. The method according to claim 2, wherein the determining whether the attack request has been intercepted according to the state of the TCP connection initiating the attack comprises:
if the TCP connection initiating the attack has encountered an error, determining that the attack request is intercepted;
otherwise, judging whether the TCP connection initiating the attack has timed out;
if yes, determining that the attack request is intercepted;
otherwise, determining that the attack request is suspected to be intercepted.
4. The method according to claim 2, wherein the determining whether the attack request has been intercepted according to the content of the first response result and the second response result includes:
judging whether the status code in the first response result is the same as the status code in the second response result;
if yes, judging whether the attack request is intercepted according to the content similarity of the first response result and the second response result;
otherwise, determining that the attack request is intercepted.
5. The method of claim 4, wherein the determining whether the attack request has been intercepted according to the content similarity between the first response result and the second response result includes:
calculating the content similarity of the first response result and the second response result by using a fuzzy hash algorithm;
if the content similarity is smaller than or equal to a preset threshold value, determining that the attack request is intercepted; otherwise, determining that the attack request is not intercepted.
6. The method for detecting the validity of WAF interception according to claim 1,
the original requests and the corresponding attack requests are multiple;
the method further comprises the following steps:
and recording the attack type and/or the vulnerability corresponding to the attack load and the judgment result of whether the attack request is intercepted or not.
7. An apparatus for detecting validity of WAF interception, the apparatus comprising:
the attack request generating unit is used for adding an attack load into the original request to generate a corresponding attack request;
the original request sending and receiving unit is used for sending the original request to a target server and receiving a first response result; the target server is a Web server protected by the WAF;
the attack request sending and receiving unit is used for sending the attack request to the target server and receiving a second response result;
and the judging unit is used for judging whether the attack request is intercepted or not according to the first response result and the second response result.
8. The apparatus for detecting validity of WAF interception according to claim 7, wherein the determining unit is specifically configured to:
if the first response result is received and the second response result is not received, judging whether the attack request is intercepted according to a TCP connection state;
and if the first response result and the second response result are both received, judging whether the attack request is intercepted according to the contents of the first response result and the second response result.
9. The apparatus for detecting WAF interception validity as recited in claim 7,
the original requests and the corresponding attack requests are multiple;
the device further comprises:
and the recording unit is used for recording the attack type and/or the vulnerability corresponding to the attack load and the judgment result of whether the attack request is intercepted or not.
10. A computer-readable storage medium, in which a computer program is stored which can be loaded by a processor and which executes the method according to any one of claims 1-6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211210830.8A CN115296932B (en) | 2022-09-30 | 2022-09-30 | Method and device for detecting WAF interception effectiveness and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115296932A (en) | 2022-11-04 |
CN115296932B (en) | 2023-01-06 |
Family
ID=83833177
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211210830.8A Active CN115296932B (en) | 2022-09-30 | 2022-09-30 | Method and device for detecting WAF interception effectiveness and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115296932B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN115296932B (en) | 2023-01-06 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||